Huawei has recently shared information regarding the HarmonyOS 3 beta. Now, the Chinese tech giant also shared the security patch details for the month of July 2022.
In July 2022 EMUI security patch details, Huawei fixes 2 critical, 12 High levels, and 18 medium levels of CVEs while there are no low levels of CVEs.
This security update includes the CVE announced in the June 2022 Android security bulletin:
Critical: CVE-2022-20130, CVE-2022-20145
High: CVE-2021-39691, CVE-2022-20006, CVE-2022-20134, CVE-2022-20135, CVE-2022-20142, CVE-2022-20143, CVE-2022-20141, CVE-2021-4154, CVE-2022-25375, CVE-2022-24958, CVE-2022-25258, CVE-2022-20132
Medium: CVE-2021-39806, CVE-2022-20197, CVE-2022-20201, CVE-2022-20202, CVE-2021-35118, CVE-2021-20268, CVE-2021-20321, CVE-2021-35121, CVE-2021-3635, CVE-2021-3715, CVE-2021-3743, CVE-2021-3753, CVE-2021-38160, CVE-2022-0492, CVE-2022-20148, CVE-2022-20166, CVE-2022-26966, CVE-2021-35119
Low: none
Already included in previous updates:CVE-2021-39803, CVE-2022-20007, CVE-2022-20109, CVE-2022-20110, CVE-2020-11307, CVE-2021-30264, CVE-2020-11263, CVE-2021-1894, CVE-2021-30272, CVE-2021-30274, CVE-2021-30275, CVE-2021-30278, CVE-2021-30279, CVE-2021-30282
This security update includes the following HUAWEI patches:
CVE-2021-40016: Improper permission control vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-46741: Vulnerability of defects being introduced in the design process in the basic framework and settings module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will affect integrity.
CVE-2021-40012: Vulnerability of pointers being incorrectly used during data transmission in the video framework
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-31751: Multi-thread competition for resources in the kernel emcom module
Severity: Critical
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.1, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2021-40013: Improper permission control vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect integrity.
CVE-2022-34737: Incorrect permission assignment vulnerability in the application security module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2022-31755: Improper preservation of permissions vulnerability in the communications module
Severity: Medium
Affected versions: EMUI 11.0.1
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-34736: Null pointer vulnerability in the frame scheduling module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2022-34735: Null pointer vulnerability in the frame scheduling module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2022-34739: Addition overflow vulnerability in the fingerprint sensor module
Severity: High
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause the data of unknown addresses to be obtained from the address mapping.
CVE-2022-34742: Read/Write vulnerability in system components
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-34740: Buffer overflow vulnerability in the NFC module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
CVE-2022-34741: Buffer overflow vulnerability in the NFC module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
CVE-2022-31762: Input verification vulnerability in the AMS module
Severity: Medium
Affected versions: EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will cause unauthorized operations.
CVE-2022-34743: Out-of-bounds read vulnerability in the AT commands of the USB port
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-34738: Permission control vulnerability in the SystemUI module
Severity: Medium
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will cause the service running in the background being unable to be perceived by the user.
